I have a MikroTik in one office that PPTP clients connect to, and I have a site-to-site VPN with a second MikroTik. I have been unable to get the PPTP client to see the remote network across the site-to-site VPN.
If I set up the PPTP client to use the remote gateway, it traces to the external interface of the first MikroTik and dies.
If I don’t use the remote gateway, it traces to the local gateway and dies.
My PPTP clients are on the same subnet as the first MikroTik, so they get an address that is 192.168.10.x, which is the same as the first MikroTik router. I can get to all of the IPs on the 192.168.10.x subnets from the PPTP client just fine.
You can create routes on the host machines (PPTP Clients) telling them how to get to the second network. This will be simple like:
Windows:
route add x.x.x.x mask 255.255.255.x local_IP
You can also look for an option on the clients for “default connection” that should force all of the traffic over the VPN, and thus their default gateway would be the network on the MikroTik.
I built a quick lab and I can reach all IPs across both Mikrotiks.
C:\>ping 192.168.10.1
Pinging 192.168.10.1 with 32 bytes of data:
Reply from 192.168.10.1: bytes=32 time=15ms TTL=64
Reply from 192.168.10.1: bytes=32 time=16ms TTL=64
Reply from 192.168.10.1: bytes=32 time=17ms TTL=64
Reply from 192.168.10.1: bytes=32 time=11ms TTL=64
Ping statistics for 192.168.10.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 11ms, Maximum = 17ms, Average = 14ms
C:\>ping 192.168.20.1
Pinging 192.168.20.1 with 32 bytes of data:
Reply from 192.168.20.1: bytes=32 time=48ms TTL=63
Reply from 192.168.20.1: bytes=32 time=39ms TTL=63
Reply from 192.168.20.1: bytes=32 time=41ms TTL=63
Reply from 192.168.20.1: bytes=32 time=37ms TTL=63
Ping statistics for 192.168.20.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 37ms, Maximum = 48ms, Average = 41ms
[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          ether1                    1
 1 ADC  2.2.2.0/30         2.2.2.2         ether1                    0
 2 ADC  192.168.20.0/24    192.168.20.1    ether2                    0
[admin@MikroTik] /ip ipsec peer> print
Flags: X - disabled, D - dynamic
0 address=1.1.1.2/32 local-address=:: passive=no port=500 auth-method=pre-shared-key secret="test"
generate-policy=no policy-template-group=default exchange-mode=main send-initial-contact=yes
nat-traversal=yes proposal-check=obey hash-algorithm=sha1 enc-algorithm=aes-128,3des
dh-group=modp1024 lifetime=1d lifebytes=0 dpd-interval=2m dpd-maximum-failures=5
[admin@MikroTik] > ip ipsec remote-peers print
0 local-address=1.1.1.2 remote-address=2.2.2.2 state=established side=responder established=1h23m29s
1 local-address=1.1.1.2 remote-address=2.2.2.2 state=established side=initiator established=1h23m29s
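The client-side routing options discussed in this thread (split tunnel, an added static route to the second network, or sending everything over the VPN) can be compared with a small longest-prefix-match model. This is an added example, not code from any poster; the home LAN 192.168.1.0/24, its gateway, the PPTP-assigned address 192.168.10.50 and the metrics are constructed sample values, and the route tables are simplified.

```python
import ipaddress

def route(net, via, metric=1):
    """One routing-table entry: (network, next hop, metric)."""
    return (ipaddress.ip_network(net), via, metric)

def next_hop(routes, dst):
    """Longest-prefix match; ties are broken by the lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return best[1]

def win_route_cmd(net, gateway):
    """Render the Windows 'route add' form quoted in the thread."""
    n = ipaddress.ip_network(net)
    return f"route add {n.network_address} mask {n.netmask} {gateway}"

# Constructed sample values (assumptions, not from the thread).
LOCAL_GW = "192.168.1.1"      # client's own home/office gateway
PPTP_IP = "192.168.10.50"     # address handed out by the first MikroTik
REMOTE_NET = "192.168.20.0/24"  # second office, as in the lab output

# "Use remote gateway" off: only the PPTP subnet goes over the tunnel.
split_tunnel = [
    route("0.0.0.0/0", LOCAL_GW, 10),
    route("192.168.1.0/24", "on-link"),
    route("192.168.10.0/24", PPTP_IP),
]

# Split tunnel plus the static route suggested in the reply.
with_static = split_tunnel + [route(REMOTE_NET, PPTP_IP)]

# "Use remote gateway" on: a lower-metric default route via the tunnel.
full_tunnel = split_tunnel + [route("0.0.0.0/0", PPTP_IP, 1)]

if __name__ == "__main__":
    for name, table in [("split", split_tunnel),
                        ("split+static", with_static),
                        ("full", full_tunnel)]:
        print(f"{name:13} 192.168.20.1 -> {next_hop(table, '192.168.20.1')}")
    print(win_route_cmd(REMOTE_NET, PPTP_IP))
```

With the full-tunnel table every destination, including Internet traffic, resolves to the PPTP next hop, while the static-route table sends only the two office subnets through the VPN.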